- The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE MONTH(S) FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [x] Responsive to communication(s) filed on 29 July 2002.
2a) [ ] This action is FINAL. 2b) [x] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [x] Claim(s) 7-14 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [x] Claim(s) 7-14 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [x] The specification is objected to by the Examiner.

10) [x] The drawing(s) filed on 25 July 2001 is/are: a) [ ] accepted or b) [x] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. §§119 and 120 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) [ ] All b) [ ] Some* c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

13) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application) since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78.

a) [ ] The translation of the foreign language provisional application has been received.

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78.



Attachment(s) 

1) Notice of References Cited (PTO-892) 4) EH Interview Summary (PTO-413) Paper No(s). 

2) CD Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) O Notice of Informal Patent Application (PTO-152) 

3) [3 Information Disclosure Statement(s) (PTO-1449) Paper No(s) 7/29/2002 . 6) □ Other: 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 11-03) 



Office Action Summary 



Part of Paper No. 7

DETAILED ACTION



Drawings 



1. The drawings are objected to because the item number of
ManagedConnectionFactory in Fig 4 does not match the number in the specification.
The ManagedConnectionFactory is identified as item 206 in Fig 4; however, the
ManagedConnectionFactory is identified as 216 in page 25, line 7 and line 17. A
proposed drawing correction or corrected drawings are required in reply to the Office
action to avoid abandonment of the application. The objection to the drawings will not
be held in abeyance.



Specification

2. The disclosure is objected to because of the following informalities:

The section under Security Contract from page 20 to page 26, all the items with
1xx should be changed to 2xx (for example: subject 106 change to subject 206,
Generic Credential Interface 108 change to Generic Credential Interface 208).
The paragraph of Option B in page 27 is not clear.
Appropriate correction is required.



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 7-11, 13 are rejected under 35 U.S.C. 102(b) as being clearly anticipated
by Hu (US Patent No. 5,586,260). 

Regarding claim 7, Hu discloses a security system for a computer system having 
a server ( Fig 2, item 14) and a client (Fig 2, item 10), wherein said server utilizes a 
resource adapter (Fig 2, item 14; col 5, line 7-10 gateway is a collection of runtime 
libraries and processes. Collectively, the gateway allows a client user to log in to the 
server security domain and to set up appropriate credentials so that a proxy server can 
later act on this user's behalf) to interface with an enterprise information system (Fig 2, 
item 12; col 1, line 35 Distributed Computing Environment), wherein said security 
system includes a security context (col 5, line 28-30 the authentication gateway obtains 
and saves the server credentials for the client, the client's server-based security 
context), said security context propagated from said server to said resource adapter (col 
2, line 64-65 passing the access key from authentication process to proxy server). 

Regarding claim 8, Hu discloses the server-domain entity is the access key that 
the authentication gateway will use to look up the user's security context (col 5, line 38- 
40) to meet the limitation of claim 8, wherein said security context contains a subject 
instance.

Regarding claim 9, Hu discloses the ACL contains an entry for each "principal"
identity, and principals are identified by a certificate issued by some trusted authority, 
such as a security server. To obtain the certificate, a principal must first log in using 
either a secret key or a password (col 4, line 62-66). Hu also discloses the step of 
mutually authenticating includes generating a set of security credentials that would 
enable the client to call the server (col 1, line 59-61). These meet the limitation of claim
9, principals and credentials associated with subject instance. 

Regarding claim 10, Hu discloses the next step performed in proxy server 
process 20, on receipt of the call from the client application process, is to call the 
authentication gateway 22, as indicated in block 60, to retrieve the stored security 
context using the id (col 6, line 17-21) to meet the limitation of claim 10, comprising a 
generic credential interface. 

Regarding claim 11, Hu discloses the client logs in to the authentication
gateway and provides a user name and password (abstract) to meet the limitation of 
claim 11, comprising a security principal interface. 

Regarding claim 13, Hu discloses a method of providing security in a computer 
system having a client, an application server, an application component, a 
resource adapter and a principal mapping module, and subject instance having 
the method comprising the step of:

• The application component invokes a connection request method on the
resource adapter without passing in any security arguments (col 4, line 24, 
the login procedure is executed; Fig 3, item 34) 

• The resource adapter passes the connection request to the application 
server (Fig 3, item 44) 

• The application server is configured to use the principal mapping module 
(col 3, line 30-34) 

• The principal mapping module takes the subject instance with the caller 
principal and returns the subject instance with a valid resource principal 
and password credential instance to the application server (Fig 3, item 46) 

• The application server establishes a managed connection between the 
application server and the enterprise information system using the valid 
resource principal and password credential instance (Fig 3, item 48) 



Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

6. Claims 12, 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Hu (US Patent 5,586,260) in view of Lai et al (User authentication and authorization in
the Java platform, Computer Security Applications Conference, 1999)

Regarding claim 12, Hu discloses a data structure specifying a security contract 
for use in a computer system having a client, a server, and a resource adapter, the 
security contract specifying a relationship between software entities in said computer 
system, the security contract comprising: 

• A subject class (col 5, line 38-40) 

• A generic credential interface (col 6, line 17-21)

• A password credential interface (in Abstract, the client logs in to the 
authentication gateway and provides a user name and password) 

Hu fails to disclose a java security principal interface in the data structure. Lai et 
al. discloses a java security principal interface (Fig 1 on page 286) for the 
purpose of associating a principal with a subject upon successful authentication 
to a service due to a subject may have multiple names (page 286, left column 
under subjects and principals section). It would have been obvious to a person of 
ordinary skill in the art at the time of the applicant's invention was made to include
java security principal interface in Hu's computer security system. 

Regarding claim 14, Hu discloses a computer system for connecting a client 
process with an enterprise information system, the computer system comprising
an application server (Fig 4, Client Application Process), a resource adapter (Fig
4, item 20 proxy server process), an application component (Fig 4, Client 
Application Process), an enterprise information system (Fig 4, item 12 server). 
Hu fails to disclose using a Java authentication and authorization service module 
(JAAS) for connecting a client process with an enterprise information system. Lai 
et al. discloses using JAAS to provide a framework and standard programming 
interface for authenticating users and for assigning privileges in a multi-user 
environment. Together with Java 2, an application can provide code-centric 
access control, user-centric access centric, or a combination of both (page 285, 
right column under Introduction section). It would have been obvious to a person 
of ordinary skill in the art at the time of the applicant's invention was made to 
include JAAS in Hu's computer system for connecting a client process with an
enterprise information system since the use of JAAS has the advantage of
providing both user-based authentication and access control capabilities. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Grace C. Lee whose telephone number is 703-305- 
0710. The examiner can normally be reached on Monday - Friday 8:00 am - 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-746-7239.

Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 

Grace C. Lee 
Examiner 
Art Unit 2132

GCL 

December 15, 2003 



